With over 3,800 data breaches reported through the end of June and over 4.1 billion records exposed, 2019 is on track to become the worst year on record for data breaches, according to a report recently published by Risk Based Security. The number of breaches has increased by a staggering 54% from 2018’s midyear estimates.
Data breaches, while disastrous in themselves, never come alone: they are often followed by steep fines and a loss of customer trust. Worse yet, 60% of small businesses go bankrupt within 6 months of a data breach. Companies are increasingly aware of these harsh figures and have started investing in data security strategies that aim to protect data and keep intruders out.
Encryption has emerged as a key component of these strategies and a way to secure data from malicious outsiders or the carelessness of employees. Some organizations still hesitate when it comes to encryption, due to a lack of understanding of its usefulness or the fear that its implementation may encumber networks and bring down employees’ efficiency. Encryption, however, is one of the most powerful and useful tools in the data security arsenal. Here are the most important reasons why:
1. Encryption is an efficient last line of defence
When it comes to cyberattacks, companies are sometimes powerless to stop them, especially when they occur not as brute force attacks but as a result of phishing or social engineering, in which employees unwittingly click malicious links, download malware-riddled attachments or reveal their credentials to outsiders. Once inside the network, attackers can easily view and steal sensitive data. If that data is encrypted, they have no way of accessing it without a decryption key, saving the data from being compromised. Many encryption tools offer military-grade AES-256 encryption, widely accepted as the strongest process of encoding messages at present. And while an effective data security strategy should ensure that companies need not get to this point, it’s always useful to have a back-up plan.
2. Encryption protects data on the go
Data on the move is one of the biggest security risks companies face. It means that portable devices containing sensitive data, whether laptops, tablets or mobile phones, move outside the security, both physical and digital, of the company network. Whether it’s for meetings, conferences or remote working, an increasing number of employees take their devices out of the workplace.
These devices are especially vulnerable to theft or employees’ forgetfulness. A misplaced USB drive, a phone forgotten in a taxi or a laptop left unsupervised for a moment can spell disaster. Encryption ensures that, whether these devices are lost, stolen or forgotten, the data on them is useless to anyone who tries to access it without a decryption key.
Companies should, therefore, ensure that all devices leaving the workplace are encrypted. Most phones have a native encryption option that can be easily activated, while laptops can have either their hard drives or sensitive data encrypted depending on the tools an organization wants to use.
It’s important that portable storage devices like USB drives and external drives not be forgotten. USB drives, in particular, are sometimes left out of data security strategies despite being, given their size and easy portability, one of the biggest offenders when it comes to data loss. Encrypting data on them is an easy solution to a persistent problem.
3. Encryption helps with compliance
Nowadays, data protection is no longer optional. Companies can’t ignore the problem and hope they won’t be targeted by malicious outsiders. This kind of strategy might have been a viable, if risky, option in a pre-GDPR world, but since the European Union’s General Data Protection Regulation took the world by storm, there are few countries where data protection legislation has not been adopted or is not currently being debated.
The core of these new laws is data protection by design and by default, with the data subject as the focus. Under them, companies can be fined not only for data breaches but also for failing to respect the new rights granted to data subjects. Using encryption to protect sensitive data, whether at rest, in transit or on the move, is an effective step towards compliance.
In fact, the GDPR itself recommends encryption as an effective tool for data protection, as do data protection standards such as the CIS Controls, which advocate a data security strategy based on a combination of encryption, integrity protection and data loss prevention techniques.
As data breaches become an everyday occurrence, companies can no longer afford to ignore the need for effective data security strategies, in which encryption is an indispensable tool. With many solutions freely available or already built into mobile phones and operating systems as native tools, encryption is perhaps one of the simplest steps to take to protect data, with paid-for solutions available for more specific issues such as USB encryption.